ulimit
First, let's look at where the ulimit command lives:
which ulimit
There is no output at all, because ulimit is a shell builtin.
man ulimit
ubuntu
ULIMIT(3) Linux Programmer's Manual ULIMIT(3)
NAME
ulimit - get and set user limits
SYNOPSIS
#include <ulimit.h>
long ulimit(int cmd, long newlimit);
DESCRIPTION
Warning: this routine is obsolete. Use getrlimit(2), setrlimit(2), and sysconf(3) instead. For the shell command ulimit(),
see bash(1).
The ulimit() call will get or set some limit for the calling process. The cmd argument can have one of the following values.
UL_GETFSIZE
Return the limit on the size of a file, in units of 512 bytes.
UL_SETFSIZE
Set the limit on the size of a file.
3 (Not implemented for Linux.) Return the maximum possible address of the data segment.
4 (Implemented but no symbolic constant provided.) Return the maximum number of files that the calling process can open.
RETURN VALUE
On success, ulimit() returns a nonnegative value. On error, -1 is returned, and errno is set appropriately.
ERRORS
EPERM An unprivileged process tried to increase a limit.
ATTRIBUTES
For an explanation of the terms used in this section, see attributes(7).
┌──────────┬───────────────┬─────────┐
│Interface │ Attribute │ Value │
├──────────┼───────────────┼─────────┤
│ulimit() │ Thread safety │ MT-Safe │
└──────────┴───────────────┴─────────┘
CONFORMING TO
SVr4, POSIX.1-2001. POSIX.1-2008 marks ulimit() as obsolete.
SEE ALSO
bash(1), getrlimit(2), setrlimit(2), sysconf(3)
COLOPHON
This page is part of release 5.05 of the Linux man-pages project. A description of the project, information about reporting
bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.
The page above documents the ulimit() library function, not the shell command, so it is of little use here.
CentOS
There is no such page here, so I won't paste it.
ulimit --help
ulimit: ulimit [-SHabcdefiklmnpqrstuvxPT] [limit]
Modify shell resource limits.
Provides control over the resources available to the shell and processes
it creates, on systems that allow such control.
Options:
-S use the `soft' resource limit
-H use the `hard' resource limit
-a all current limits are reported
-b the socket buffer size
-c the maximum size of core files created
-d the maximum size of a process's data segment
-e the maximum scheduling priority (`nice')
-f the maximum size of files written by the shell and its children
-i the maximum number of pending signals
-k the maximum number of kqueues allocated for this process
-l the maximum size a process may lock into memory
-m the maximum resident set size
-n the maximum number of open file descriptors
-p the pipe buffer size
-q the maximum number of bytes in POSIX message queues
-r the maximum real-time scheduling priority
-s the maximum stack size
-t the maximum amount of cpu time in seconds
-u the maximum number of user processes
-v the size of virtual memory
-x the maximum number of file locks
-P the maximum number of pseudoterminals
-T the maximum number of threads
Not all options are available on all platforms.
If LIMIT is given, it is the new value of the specified resource; the
special LIMIT values `soft', `hard', and `unlimited' stand for the
current soft limit, the current hard limit, and no limit, respectively.
Otherwise, the current value of the specified resource is printed. If
no option is given, then -f is assumed.
Values are in 1024-byte increments, except for -t, which is in seconds,
-p, which is in increments of 512 bytes, and -u, which is an unscaled
number of processes.
Exit Status:
Returns success unless an invalid option is supplied or an error occurs.
Likewise, this command prints detailed output on Ubuntu, while on CentOS it is an invalid command.
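Option | Description |
---|---|
-H | Set the hard resource limit. |
-S | Set the soft resource limit. |
-a | Show all current resource limits. |
-c size | Set the maximum size of core files. Unit: blocks, default 0 |
-d size | Set the maximum size of the data segment. Unit: kbytes, default unlimited |
-e | Scheduling priority, generally set according to nice, default 0 |
-f size | Set the maximum size of created files. Unit: blocks, default unlimited |
-i | Number of pending signals, default 3766 |
-l size | Set the maximum size a process may lock in memory. Unit: kbytes, default 64 |
-m size | Set the maximum resident memory that can be used. Unit: kbytes, default unlimited |
-n size | Set the maximum number of file descriptors the kernel can have open at the same time, default 1024 |
-p size | Set the maximum pipe buffer size. Unit: kbytes, default 8 |
-q | Maximum size of the POSIX message queues that can be created, in bytes, default 819200 |
-r | Limits the range of a program's real-time priority, applies to ordinary users only, default 0 |
-s size | Set the maximum stack size. Unit: kbytes, default 8192 |
-t size | Set the upper limit on CPU time. Unit: seconds, default unlimited |
-u <number of processes> | Maximum number of processes a user can start, default 3766 |
-v size | Set the maximum virtual memory. Unit: kbytes, default unlimited |
-x | Limit on file locks, default unlimited |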
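For a more detailed explanation, see also online material such as https://wiki.archlinux.org/title/Limits.conf
As for the meaning of hard and soft: one can only be changed by the superuser, the other can be changed by ordinary users. See https://man.archlinux.org/man/limits.conf.5
The man page above also mentions setrlimit, so its detailed documentation is worth reading as well. Put simply, the hard limit can never be exceeded, while on reaching the soft limit the process receives some SIGN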
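The soft and hard values are what getrlimit(2)/setrlimit(2) expose. The sketch below is an added example, not part of the original post: it applies RLIMIT_NOFILE in a forked child through Python's `resource` module and records what the kernel allows. The function names and the 32/64 values are chosen for illustration.

```python
import errno
import json
import os
import resource


def fill_fds():
    """Open /dev/null until the kernel refuses; return (highest fd, errno name)."""
    fds, err = [], None
    while err is None:
        try:
            fds.append(os.open(os.devnull, os.O_RDONLY))
        except OSError as exc:
            err = errno.errorcode[exc.errno]
    for fd in fds:
        os.close(fd)
    return max(fds, default=-1), err


def probe_nofile(soft=32, hard=64):
    """Apply RLIMIT_NOFILE=(soft, hard) in a forked child and report what happens."""
    rd, wr = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: limit changes made here end with this process
        try:
            os.close(rd)
            out = {}
            resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
            out["at_soft"] = fill_fds()        # open() fails once fd >= soft
            resource.setrlimit(resource.RLIMIT_NOFILE, (hard, hard))
            out["soft_raised"] = fill_fds()    # soft may be raised up to hard
            try:
                resource.setrlimit(resource.RLIMIT_NOFILE, (hard + 1, hard))
                out["soft_above_hard"] = "accepted"
            except ValueError:                 # EINVAL: soft > hard is never valid
                out["soft_above_hard"] = "rejected"
            os.write(wr, json.dumps(out).encode())
        finally:
            os._exit(0)
    os.close(wr)
    data = os.read(rd, 4096)
    os.close(rd)
    os.waitpid(pid, 0)
    return json.loads(data)


if __name__ == "__main__":
    print(probe_nofile())
```

For descriptors the soft limit is enforced with an EMFILE error from open(), not a signal; the calling process keeps its own limits because every change happens in the child.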
/etc/security/limits.conf
The command above reads **/etc/security/limits.conf**
The file typically looks like this:
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
# - NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
# - chroot - change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
# End of file
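The meaning of the fields is as follows:
Field | Description |
---|---|
domain | The entity the limit applies to |
user | User name |
@group | A user group |
* | The default entry |
type | The kind of limit |
soft | Soft limit |
hard | Hard limit |
item | The resource being limited |
core | Same as ulimit -c |
data | Same as ulimit -d |
fsize | Same as ulimit -f |
memlock | Same as ulimit -l |
nofile | Same as ulimit -n |
stack | Same as ulimit -s |
cpu | Same as ulimit -t |
nproc | Same as ulimit -u |
maxlogins | Number of simultaneous logins allowed for the given user |
maxsyslogins | Number of users that can be logged in to the system at the same time |
priority | Priority at which the user's processes run |
locks | Maximum number of files the user can lock |
sigpending | Same as ulimit -i |
msgqueue | Same as ulimit -q |
In addition, according to the Arch Linux documentation there is also a nice item, which sets the priority: -20 is the highest priority and 19 the lowest. To make sure the superuser can still troubleshoot problems, root can be given -20.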
Use in Kubernetes
ulimit -SHn 65535 && \
echo '
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
'>>/etc/security/limits.conf
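Also, according to the explanation here, nofile must not be set too large either; check with more /proc/sys/fs/file-nr. I tried it, though, and the default value in file-nr is very large, so it will not be exceeded.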
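Entries appended to limits.conf with `echo >>` are not validated at write time, so a misspelled type or a soft value above the hard one goes unnoticed. The checker below is an added example, not from the original post; the function names are hypothetical, and it only covers the `<domain> <type> <item> <value>` grammar and item names shown in the file header quoted earlier.

```python
ITEMS = {"core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu",
         "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks",
         "sigpending", "msgqueue", "nice", "rtprio", "chroot"}  # from the header
TYPES = {"soft", "hard", "-"}  # "-" sets both the soft and the hard limit

# Constructed sample: line 1 has soft nofile above hard, line 5 a misspelled type.
SAMPLE = """\
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* seft memlock unlimited
* hard memlock unlimited
"""


def to_number(item, value):
    """'unlimited'/'infinity' (and -1, except for nice/priority) mean no limit."""
    no_limit = ("unlimited", "infinity") + (() if item in ("nice", "priority") else ("-1",))
    return float("inf") if value in no_limit else int(value)


def lint_limits(text):
    """Return sorted (line number, message) findings for limits.conf-style text."""
    findings, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 4:
            findings.append((lineno, "expected <domain> <type> <item> <value>"))
        elif fields[1] not in TYPES:
            findings.append((lineno, f"unknown type {fields[1]!r}"))
        elif fields[2] not in ITEMS:
            findings.append((lineno, f"unknown item {fields[2]!r}"))
        elif fields[2] != "chroot":  # chroot takes a path, not a number
            domain, typ, item, value = fields
            try:
                number = to_number(item, value)
            except ValueError:
                findings.append((lineno, f"non-numeric value {value!r}"))
                continue
            for kind in ("soft", "hard") if typ == "-" else (typ,):
                seen[(domain, item, kind)] = (lineno, number)
    for (domain, item, kind), (lineno, number) in seen.items():
        hard = seen.get((domain, item, "hard"), (0, float("inf")))[1]
        if kind == "soft" and number > hard:
            findings.append((lineno, f"soft {item} for {domain} exceeds hard ({number} > {hard})"))
    return sorted(findings)
```

Running `lint_limits` on the text before appending it to the file catches both problems in the sample.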